JAVA-2740: Work around JDK bug that can cause SCRAM-SHA-1 authentication to intermittently fail, by synchronizing on the SecretKey in order to avoid premature finalization.

jyemin · jyemin · commit 308c5fbd57af · 2018-01-22T11:36:06.000-05:00
See https://bugs.openjdk.java.net/browse/JDK-8191177 for the bug report and https://bugs.openjdk.java.net/browse/JDK-8055183 for the suggested workaround
diff --git a/driver-core/src/main/com/mongodb/connection/ScramSha1Authenticator.java b/driver-core/src/main/com/mongodb/connection/ScramSha1Authenticator.java
@@ -22,6 +22,7 @@
 import org.bson.internal.Base64;
 
 import javax.crypto.Mac;
+import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
@@ -230,7 +231,13 @@ private byte[] hi(final String password, final byte[] salt, final int iterations
             }
 
             try {
-                return keyFactory.generateSecret(spec).getEncoded();
+                SecretKey secretKey = keyFactory.generateSecret(spec);
+                // Workaround for https://bugs.openjdk.java.net/browse/JDK-8191177, as suggested in
+                // https://bugs.openjdk.java.net/browse/JDK-8055183
+                //noinspection SynchronizationOnLocalVariableOrMethodParameter
+                synchronized (secretKey) {
+                    return secretKey.getEncoded();
+                }
             }
             catch (InvalidKeySpecException e) {
                 throw new SaslException("Invalid key spec for PBKDC2WithHmacSHA1.", e);
